From 04c1500801f4d88635001bda1e4f73473fe8e33a Mon Sep 17 00:00:00 2001 From: Jeff Cantrill Date: Tue, 29 Nov 2016 16:31:13 -0500 Subject: =?UTF-8?q?Bruno=20Barcarol=20Guimar=C3=A3es=20work=20to=20move=20?= =?UTF-8?q?metrics=20to=20ansible=20from=20deployer?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../templates/hawkular_cassandra_rc.j2 | 94 ++++++++++++++++++++++ .../templates/hawkular_metrics_rc.j2 | 88 ++++++++++++++++++++ roles/openshift_metrics/templates/heapster.j2 | 66 +++++++++++++++ roles/openshift_metrics/templates/pvc.j2 | 27 +++++++ roles/openshift_metrics/templates/rolebinding.j2 | 23 ++++++ roles/openshift_metrics/templates/route.j2 | 23 ++++++ roles/openshift_metrics/templates/secret.j2 | 12 +++ roles/openshift_metrics/templates/service.j2 | 32 ++++++++ .../openshift_metrics/templates/serviceaccount.j2 | 16 ++++ 9 files changed, 381 insertions(+) create mode 100644 roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 create mode 100644 roles/openshift_metrics/templates/hawkular_metrics_rc.j2 create mode 100644 roles/openshift_metrics/templates/heapster.j2 create mode 100644 roles/openshift_metrics/templates/pvc.j2 create mode 100644 roles/openshift_metrics/templates/rolebinding.j2 create mode 100644 roles/openshift_metrics/templates/route.j2 create mode 100644 roles/openshift_metrics/templates/secret.j2 create mode 100644 roles/openshift_metrics/templates/service.j2 create mode 100644 roles/openshift_metrics/templates/serviceaccount.j2 (limited to 'roles/openshift_metrics/templates') diff --git a/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 new file mode 100644 index 000000000..bb8866263 --- /dev/null +++ b/roles/openshift_metrics/templates/hawkular_cassandra_rc.j2 @@ -0,0 +1,94 @@ +apiVersion: v1 +kind: ReplicationController +metadata: + name: hawkular-cassandra-{{ node }} + labels: + metrics-infra: hawkular-cassandra + name: hawkular-cassandra + type: hawkular-cassandra +spec: + selector: + name: hawkular-cassandra-{{ node }} + replicas: 1 + template: + version: v1 + metadata: + labels: + metrics-infra: hawkular-cassandra + name: hawkular-cassandra-{{ node }} + type: hawkular-cassandra + spec: + serviceAccount: cassandra + containers: + - image: "{{ image_prefix }}metrics-cassandra:{{ image_version }}" + name: hawkular-cassandra-{{ node }} + ports: + - name: cql-port + containerPort: 9042 + - name: thift-port + containerPort: 9160 + - name: tcp-port + containerPort: 7000 + - name: ssl-port + containerPort: 7001 + command: + - "/opt/apache-cassandra/bin/cassandra-docker.sh" + - "--cluster_name=hawkular-metrics" + - "--data_volume=/cassandra_data" + - "--internode_encryption=all" + - "--require_node_auth=true" + - "--enable_client_encryption=true" + - "--require_client_auth=true" + - "--keystore_file=/secret/cassandra.keystore" + - "--keystore_password_file=/secret/cassandra.keystore.password" + - "--truststore_file=/secret/cassandra.truststore" + - "--truststore_password_file=/secret/cassandra.truststore.password" + - "--cassandra_pem_file=/secret/cassandra.pem" + env: + - name: CASSANDRA_MASTER + value: "{{ master }}" + - name: CASSANDRA_DATA_VOLUME + value: "/cassandra_data" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MEMORY_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.memory + - name: CPU_LIMIT + valueFrom: + resourceFieldRef: + resource: limits.cpu + divisor: 1m + volumeMounts: + - name: cassandra-data + mountPath: "/cassandra_data" + - name: hawkular-cassandra-secrets + mountPath: "/secret" + readinessProbe: + exec: + command: + - "/opt/apache-cassandra/bin/cassandra-docker-ready.sh" + lifecycle: + preStop: + exec: + command: + - "/opt/apache-cassandra/bin/cassandra-prestop.sh" + postStart: + exec: + command: + - "/opt/apache-cassandra/bin/cassandra-poststart.sh" + terminationGracePeriodSeconds: 1800 + volumes: + - name: cassandra-data +{% if hawkular_cassandra_storage_type == 'emptydir' %} + emptyDir: {} +{% else %} + persistentVolumeClaim: + claimName: "{{ hawkular_cassandra_pv_prefix }}-{{ node }}" +{% endif %} + - name: hawkular-cassandra-secrets + secret: + secretName: hawkular-cassandra-secrets diff --git a/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 new file mode 100644 index 000000000..bcfe9dc84 --- /dev/null +++ b/roles/openshift_metrics/templates/hawkular_metrics_rc.j2 @@ -0,0 +1,88 @@ +apiVersion: v1 +kind: ReplicationController +metadata: + name: hawkular-metrics + labels: + metrics-infra: hawkular-metrics + name: hawkular-metrics +spec: + selector: + name: hawkular-metrics + replicas: 1 + template: + version: v1 + metadata: + labels: + metrics-infra: hawkular-metrics + name: hawkular-metrics + spec: + serviceAccount: hawkular + containers: + - image: {{image_prefix}}metrics-hawkular-metrics:{{image_version}} + name: hawkular-metrics + ports: + - name: http-endpoint + containerPort: 8080 + - name: https-endpoint + containerPort: 8443 + - name: ping + containerPort: 8888 + command: + - "/opt/hawkular/scripts/hawkular-metrics-wrapper.sh" + - "-b" + - 0.0.0.0 + - "-Dhawkular.metrics.cassandra.nodes=hawkular-cassandra" + - "-Dhawkular.metrics.cassandra.use-ssl" + - "-Dhawkular.metrics.openshift.auth-methods=openshift-oauth,htpasswd" + - "-Dhawkular.metrics.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file" + - "-Dhawkular.metrics.allowed-cors-access-control-allow-headers=authorization" + - "-Dhawkular.metrics.default-ttl={{metrics_duration}}" + - "-Dhawkular-alerts.cassandra-nodes=hawkular-cassandra" + - "-Dhawkular-alerts.cassandra-use-ssl" + - "-Dhawkular.alerts.openshift.auth-methods=openshift-oauth,htpasswd" + - "-Dhawkular.alerts.openshift.htpasswd-file=/secrets/hawkular-metrics.htpasswd.file" + - "-Dhawkular.alerts.allowed-cors-access-control-allow-headers=authorization" + - "-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true" + - "-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true" + - "-DKUBERNETES_MASTER_URL={{master_url}}" + - "-DUSER_WRITE_ACCESS={{hawkular_user_write_access}}" + - "--hmw.keystore=/secrets/hawkular-metrics.keystore" + - "--hmw.truststore=/secrets/hawkular-metrics.truststore" + - "--hmw.keystore_password_file=/secrets/hawkular-metrics.keystore.password" + - "--hmw.truststore_password_file=/secrets/hawkular-metrics.truststore.password" + - "--hmw.jgroups_keystore=/secrets/hawkular-metrics.jgroups.keystore" + - "--hmw.jgroups_keystore_password_file=/secrets/hawkular-metrics.jgroups.keystore.password" + - "--hmw.jgroups_alias_file=/secrets/hawkular-metrics.jgroups.alias" + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MASTER_URL + value: "{{ master_url }}" + - name: OPENSHIFT_KUBE_PING_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OPENSHIFT_KUBE_PING_LABELS + value: "metrics-infra=hawkular-metrics,name=hawkular-metrics" + volumeMounts: + - name: hawkular-metrics-secrets + mountPath: "/secrets" + - name: hawkular-metrics-client-secrets + mountPath: "/client-secrets" + readinessProbe: + exec: + command: + - "/opt/hawkular/scripts/hawkular-metrics-readiness.py" + livenessProbe: + exec: + command: + - "/opt/hawkular/scripts/hawkular-metrics-liveness.py" + volumes: + - name: hawkular-metrics-secrets + secret: + secretName: hawkular-metrics-secrets + - name: hawkular-metrics-client-secrets + secret: + secretName: hawkular-metrics-account diff --git a/roles/openshift_metrics/templates/heapster.j2 b/roles/openshift_metrics/templates/heapster.j2 new file mode 100644 index 000000000..779be0145 --- /dev/null +++ b/roles/openshift_metrics/templates/heapster.j2 @@ -0,0 +1,66 @@ +apiVersion: "v1" +kind: "ReplicationController" +metadata: + name: heapster + labels: + metrics-infra: heapster + name: heapster +spec: + selector: + name: heapster + replicas: 1 + template: + version: v1 + metadata: + name: heapster + labels: + metrics-infra: heapster + name: heapster + spec: + serviceAccountName: heapster + containers: + - name: heapster + image: {{image_prefix}}metrics-heapster:{{image_version}} + ports: + - containerPort: 8082 + name: "http-endpoint" + command: + - "heapster-wrapper.sh" + - "--wrapper.allowed_users_file=/secrets/heapster.allowed-users" + - "--source=kubernetes:{{master_url}}?useServiceAccount=true&kubeletHttps=true&kubeletPort=10250" + - "--tls_cert=/secrets/heapster.cert" + - "--tls_key=/secrets/heapster.key" + - "--tls_client_ca=/secrets/heapster.client-ca" + - "--allowed_users=%allowed_users%" + - "--metric_resolution={{metrics_resolution}}" +{% if not heapster_standalone %} + - "--wrapper.username_file=/hawkular-account/hawkular-metrics.username" + - "--wrapper.password_file=/hawkular-account/hawkular-metrics.password" + - "--wrapper.endpoint_check=https://hawkular-metrics:443/hawkular/metrics/status" + - "--sink=hawkular:https://hawkular-metrics:443?tenant=_system&labelToTenant=pod_namespace&labelNodeId={{metrics_node_id}}&caCert=/hawkular-cert/hawkular-metrics-ca.certificate&user=%username%&pass=%password%&filter=label(container_name:^system.slice.*|^user.slice)" +{% endif %} + volumeMounts: + - name: heapster-secrets + mountPath: "/secrets" +{% if not heapster_standalone %} + - name: hawkular-metrics-certificate + mountPath: "/hawkular-cert" + - name: hawkular-metrics-account + mountPath: "/hawkular-account" + readinessProbe: + exec: + command: + - "/opt/heapster-readiness.sh" +{% endif %} + volumes: + - name: heapster-secrets + secret: + secretName: heapster-secrets +{% if not heapster_standalone %} + - name: hawkular-metrics-certificate + secret: + secretName: hawkular-metrics-certificate + - name: hawkular-metrics-account + secret: + secretName: hawkular-metrics-account +{% endif %} diff --git a/roles/openshift_metrics/templates/pvc.j2 b/roles/openshift_metrics/templates/pvc.j2 new file mode 100644 index 000000000..8fbfa8b5d --- /dev/null +++ b/roles/openshift_metrics/templates/pvc.j2 @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{obj_name}} +{% if labels is not defined %} + labels: + logging-infra: support +{% elif labels %} + labels: +{% for key, value in labels.iteritems() %} + {{ key }}: {{ value }} +{% endfor %} +{% endif %} +{% if annotations is defined and annotations %} + annotations: +{% for key,value in annotations.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} +spec: + accessModes: +{% for mode in access_modes %} + - {{ mode }} +{% endfor %} + resources: + requests: + storage: {{size}} diff --git a/roles/openshift_metrics/templates/rolebinding.j2 b/roles/openshift_metrics/templates/rolebinding.j2 new file mode 100644 index 000000000..5230f0780 --- /dev/null +++ b/roles/openshift_metrics/templates/rolebinding.j2 @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: {% if cluster is defined and cluster %}Cluster{% endif %}RoleBinding +metadata: + name: {{obj_name}} +{% if labels is defined %} + labels: +{% for k, v in labels.iteritems() %} + {{ k }}: {{ v }} +{% endfor %} +{% endif %} +roleRef: +{% if 'kind' in roleRef %} + kind: {{ roleRef.kind }} +{% endif %} + name: {{ roleRef.name }} +subjects: +{% for sub in subjects %} + - kind: {{ sub.kind }} + name: {{ sub.name }} +{% if 'namespace' in sub %} + namespace: {{ sub.namespace }} +{% endif %} +{% endfor %} diff --git a/roles/openshift_metrics/templates/route.j2 b/roles/openshift_metrics/templates/route.j2 new file mode 100644 index 000000000..a720c4959 --- /dev/null +++ b/roles/openshift_metrics/templates/route.j2 @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Route +metadata: + name: {{ name }} +{% if labels is defined and labels %} + labels: +{% for k, v in labels.iteritems() %} + {{ k }}: {{ v }} +{% endfor %} +{% endif %} +spec: + host: {{ host }} + to: + kind: {{ to.kind }} + name: {{ to.name }} +{% if tls is defined %} + tls: + termination: {{ tls.termination }} +{% if tls.termination == 'reencrypt' %} + destinationCACertificate: | +{{ tls.destination_ca_certificate|indent(6, true) }} +{% endif %} +{% endif %} diff --git a/roles/openshift_metrics/templates/secret.j2 b/roles/openshift_metrics/templates/secret.j2 new file mode 100644 index 000000000..370890c7d --- /dev/null +++ b/roles/openshift_metrics/templates/secret.j2 @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Secret +metadata: + name: "{{ name }}" + labels: +{% for k, v in labels.iteritems() %} + {{ k }}: {{ v }} +{% endfor %} +data: +{% for k, v in data.iteritems() %} + {{ k }}: {{ v }} +{% endfor %} diff --git a/roles/openshift_metrics/templates/service.j2 b/roles/openshift_metrics/templates/service.j2 new file mode 100644 index 000000000..8df89127b --- /dev/null +++ b/roles/openshift_metrics/templates/service.j2 @@ -0,0 +1,32 @@ +apiVersion: "v1" +kind: "Service" +metadata: + name: "{{obj_name}}" +{% if labels is defined%} + labels: +{% for key, value in labels.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} +spec: +{% if headless is defined and headless %} + portalIP: None + clusterIP: None +{% endif %} + ports: +{% for port in ports %} + - +{% for key, value in port.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% if port.targetPort is undefined %} + clusterIP: "None" +{% endif %} +{% endfor %} +{% if service_targetPort is defined %} + targetPort: {{service_targetPort}} +{% endif %} + selector: + {% for key, value in selector.iteritems() %} + {{key}}: {{value}} + {% endfor %} diff --git a/roles/openshift_metrics/templates/serviceaccount.j2 b/roles/openshift_metrics/templates/serviceaccount.j2 new file mode 100644 index 000000000..b22acc594 --- /dev/null +++ b/roles/openshift_metrics/templates/serviceaccount.j2 @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{obj_name}} +{% if labels is defined%} + labels: +{% for key, value in labels.iteritems() %} + {{key}}: {{value}} +{% endfor %} +{% endif %} +{% if secrets is defined %} +secrets: +{% for name in secrets %} +- name: {{ name }} +{% endfor %} +{% endif %} -- cgit v1.2.3